Cyber-Crystal

#11950of 53,624
22.9Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2012-5838
4.3
2012-10-01
Peel · Peel Shopping · CVE-2012-5226
**Name of the Vulnerable Software and Affected Versions** Peel SHOPPING versions 2.8 through 2.9 **Description** The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the `motclef` parameter to "achat/recherche.php" or the PATH INFO to "index.php". **Recommendations** For versions 2.8 and 2.9, avoid using the `motclef` parameter in the "achat/recherche.php" endpoint and restrict access to the PATH INFO in "index.php" until a fix is available.
PT-2012-5839
7.5
2012-10-01
Peel · Peel Shopping · CVE-2012-5227
**Name of the Vulnerable Software and Affected Versions** Peel SHOPPING versions 2.8 through 2.9 **Description** The issue allows remote attackers to execute arbitrary SQL commands via the `id` parameter in the administrer/tva.php file. **Recommendations** For Peel SHOPPING versions 2.8 through 2.9, avoid using the `id` parameter in the administrer/tva.php file until a fix is available. Consider restricting access to the administrer/tva.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2012-5840
4.3
2012-10-01
Phplist · Phplist · CVE-2012-5228
**Name of the Vulnerable Software and Affected Versions** phplist versions prior to 2.10.19 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via the `testtarget` parameter in the "admin/index.php" page, potentially leading to cross-site scripting (XSS) attacks. **Recommendations** For versions prior to 2.10.19, update to version 2.10.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the `testtarget` parameter in the "admin/index.php" page to minimize the risk of exploitation.
PT-2012-5723
6.8
2012-09-19
Vr · Vr Gpub · CVE-2012-5005
**Name of the Vulnerable Software and Affected Versions** VR GPub version 4.0 **Description** A cross-site request forgery (CSRF) issue exists, allowing remote attackers to hijack the authentication of admins for requests that add admin accounts via an `add` action in the `admin/admin options.php` file. **Recommendations** For VR GPub version 4.0, consider implementing CSRF protection mechanisms, such as tokens, to prevent unauthorized requests. As a temporary workaround, restrict access to the `admin/admin options.php` file to minimize the risk of exploitation.